CVE-2022-27193

EPSS 0.2%
Veröffentlicht 15.03.2022 05:15:07
Zuletzt bearbeitet 21.11.2024 06:55:22
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities (XXE). This leads to the inclusion of arbitrary (local) file content into the generated output document. An attacker can exploit this to disclose information from the system running the converter.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cvrf-csaf-converter Project ≫ Cvrf-csaf-converter Version1.0.0 Updatealpha

Cvrf-csaf-converter Project ≫ Cvrf-csaf-converter Version1.0.0 Updatedev1

Cvrf-csaf-converter Project ≫ Cvrf-csaf-converter Version1.0.0 Updatedev2

Cvrf-csaf-converter Project ≫ Cvrf-csaf-converter Version1.0.0 Updatedev3

Cvrf-csaf-converter Project ≫ Cvrf-csaf-converter Version1.0.0 Updaterc1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.2%	0.418

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N
cve@mitre.org	6.1	1.8	4.2	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L

CWE-611 Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

https://github.com/csaf-tools/CVRF-CSAF-Converter/releases/tag/1.0.0-rc2

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-27193

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-27193

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-27193

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-27193